Large enterprises looking to move some or all of their IT infrastructures to
third-party cloud providers have taken pause when it comes time for action due
to concerns about moving data that they are responsible for to an
infrastructure out of their complete control.
After all, it’s still the Wild West out there when it comes to the cloud, and
while analyst firms are forecasting that much more computing will move to the
cloud over the next several years, there’s plenty of work to be done to get it
there. And not just infrastructure building and technology work. Setting up
company policies on procurement of cloud services, establishing security
standards and meeting regulatory requirements will become important components
of any cloud migration plan.
Executives at outsourcing matchmaker TPI told Channel Insider that another
factor comes from regulations such as Sarbanes-Oxley that have changed
requirements for how publicly held companies must keep and report certain data.
Those requirements add another layer of contractual complexity to the cloud,
according to executives at TPI.
“Some of the new providers don’t understand the policies that big enterprises
need in place for Sarbanes-Oxley,” said Tom Lang, a partner and managing
director at TPI. To meet their requirements they are looking for providers
who have passed a SAS 70 audit.
Lang and Tom Young, another partner and managing director at TPI, told
Channel Insider that CIOs at public companies must ensure that their cloud
providers follow specific security and authentication rules and that those must
be spelled out in the cloud contract. But newer providers of public cloud
services, such as Google and Amazon, are in unfamiliar territory with customer
requirements of this nature and haven’t baked that language into contracts yet,
according to Lang and Young.
More traditional vendors who understand those concerns, such as HP, don't
have the same kind of commitment to making cloud services work because it may
be disruptive to their legacy businesses. That could leave enterprises out when
it comes to making a big jump to the cloud bandwagon in the near future
And there’s also a question as to whether cloud solutions are actually money-savers
at all for big companies.
“Clients are asking us to evaluate cloud solutions,” said Young. Those
clients want to know if such solutions really will make economic sense in their
particular situations.
Plus, there continue to be concerns about security. Plenty
has been written about the cloud and the security
challenges it presents to IT organizations.
McAfee
has introduced a new cloud security program aimed at SAAS providers. And cloud
computing was one of the hot topics at RSA’s
recent conference.
“When the cloud becomes much more economically viable, you’ll find more people
looking to solve its security problems,” Young said.
But just because these issues remain doesn’t mean that cloud computing should
be totally off limits for all enterprise companies.
“The thing we are trying to caution people on is to understand the absolute
risk,” Young said. That means looking at the relative risk of a cloud
solution when compared to a classic solution. Is it really less secure? A
classic solution may present more risk in some areas but less in others, for
example.
“If more desktops were in the cloud today, it would be a lot less risky than
all of us walking around with our hard drives,” Lang said.
 |
Cloud Computing 
